- On 20. Sep 2019
IoT devices are infiltrating every aspect of our life and some of us probably can’t imagine spending a day without them anymore.
Both hardware manufacturers and software vendors are challenged by the increasing risk of vulnerabilities in IoT devices that goes hand in hand with that development. The convergence of technologies including Analytics, Cloud, Mobility, Big Data along with falling sensor prices and exponential social media adoption are instrumental in driving IoT adoption in the region.
Did you know?
- The global IoT market is forecast to be worth $1.7T in 2019
- The main revenue driver for 54% of enterprise IoT projects is cost savings
- More than 80% of senior executives across industries, on average, say IoT is critical to some or all lines of their business in 2018
- 97% of organizations feel there are challenges to creating value from IoT-related data
Everyone from vendors to enterprise users to consumers is concerned that their fancy new IoT devices and systems could be compromised. The problem is worse than that, as vulnerable IoT devices can be hacked and harnessed into giant botnets that threaten even properly secured networks.
By 2021, compliance is to become the most important factor influencing the growth of IoT security. Cyberattacks on the Internet of Things (IoT) are already a reality: According to a market study, almost 20 percent of the companies surveyed have observed at least one IoT-based attack in the past three years.
Market Trends Asia
Asia, especially the growing South East Asian markets, is no exception when it comes to the new world of IoT. IoT is proving to be a promising technology and we are seeing growing traction towards its adoption. According to market research, Asia-Pacific will be the frontline for IoT with 8.6 billion things connected, creating a US$583 billion marketing opportunity by 2020 (IDC).
Some of the following market highlights show the importance of IoT for the regional development of market and technologies
Singapore recently saw the roll-out of the Narrowband IoT (NB-IoT) network, which is the first of its kind in Southeast Asia and the second in the world, is a connectivity standard backed by Telcos and the GSM Association that will catalyze the progress of Singapore’s digital economy. The project is set to be a turning point for the country’s Smart Nation initiative and digital transformation, NB-IoT-based energy management meter that will enable businesses and consumers to track their energy consumption, on top of other IoT applications such as flood monitoring, fleet management, and waste management.
According to data from Analysys Mason, total IoT revenue in Singapore is projected to be $714 million in 2025, of which connectivity and services will account for $95 million while applications will account for $349 million. The numbers signal Singapore’s position as the epicenter and hub for IoT technology in ASEAN as infrastructures have been laid out to support IoT deployments in both the public and private sectors.
Thailand 4.0 policy which aims to revolutionize the majority of the country’s industry through digitalization. Under Thailand 4.0, the Eastern Economic Corridor (EEC) is set to be a pillar of digital and economic transformation in the country. The government is set to invest $45 billion to develop the area with Digital Park Thailand as its core. The park will house digital infrastructure crucial to the country’s aim to be a digital innovation hub.
The Ministry of Digital Economy and Society introduced the Digital Agenda 2018. The agenda focuses on smart cities and IoT development to achieve Digital Thailand.
The 5 areas are:
1) Digital Infrastructure
2) Digital Government
3) Digital Manpower
4) Cyber Security
5) Digital Tech Developments
The Ministry of Digital Economy and Society also presented a Smart Cities Framework. The framework aims to develop livable cities that are efficiently managed and sustainable in operations through the use of digital technologies. The goal is to have 77 developed smart cities by 2023. Pilot smart cities such as Bangkok and Chiang Mai will serve as testbeds to refine the approach as the government accelerates the implementation process with a goal of at least 30 smart cities between 2019 to 2021.
Digital Transformation and the adoption of IoT technologies will be key to unlocking future potential growth. With IoT growing to be an integral part of the digital economy, agriculture, healthcare, manufacturing, and transportation are sectors that are identified to have the most potential for IoT deployment. To boost Malaysia’s manufacturing sector, the National Industry 4.0 Framework was put in place to provide a concerted and comprehensive transformation agenda. One of the initiatives under the 11th Malaysia Plan includes Smart Cities, which aims at incorporating IoT into the city and accelerate the progression of the digital economy. Smart Cities initiatives are being implemented in populated cities and states such as Kuala Lumpur and Selangor to test out urban management solutions
The Indonesian government is also aggressive in pushing for smart city initiatives. Under its Movement to 100 Smart City plan, the country aims to achieve smart connectivity, smart solutions, and smart user. In line with the ASEAN Smart Cities Network introduced in 2018 Indonesia has presented 3 cities: Jakarta, Makassar, and Banyuwangi, as part of the pilot phase.
Initiatives to develop the digital infrastructure of the country includes a USD$26 million plan to provide free WiFi in public spaces and educational institute and a further USD$4 million to improve internet quality and speed.
Another key area in the initiative is smart cities. As an essential component in digital economies, smart cities incorporate sustainable growth and technological integration into a country as well as giving a substantial economic boost. The Philippines have planned for multiple projects to be launched over the next decade with prominent ones such as the New Manila Bay City of Pearl and New Clark City being core developments
Prospective IoT market in the future
IoT adoption in the B2B & B2C segment is increasing with growing demand in verticals such as manufacturing, healthcare, retail and smart cities from road traffic management to building energy, parking, security, and surveillance. Some of the noticeable use cases are:
- Energy and utility organizations to reduce power theft and line losses with Smart Energy Management
- Automotive industry for connected cars and analyzing driving patterns
- Agriculture sector for water and wastewater management, water quality and assets monitoring
- Healthcare sector for telemedicine, assisted care and remote coverage
- Manufacturing industry to track and monitor high-cost assets
- Municipal councils for home automation and pre-paid metering
Scaling up security and data privacy is a key area of deep concern. There are many points of vulnerability – 70% of IoT devices are vulnerable to cyber-attacks, nearly 1 million new malware threats released every day and today, cyberattacks account for approximately $1 trillion in global losses.
Based on FireEye’s report, Asia-Pacific is 35% more likely to be targeted by advanced cyber-attacks as compared to the world.
Vulnerabilities in IoT devices are constantly exploited by attackers to access confidential corporate data, steal user information or inject dormant malware.
TOP 10 reasons for Vulnerabilities identified as per OWASP
- Weak, guessable, or hardcoded passwords
- Insecure network services
- Insecure ecosystem interfaces
- Lack of secure update mechanisms
- Use of insecure or outdated components
- Insufficient privacy protection
- Insecure data transfer and storage
- Lack of device management
- Insecure default settings
- Lack of physical hardening
IoT Firmware – a weak spot
Manufacturers who make their firmware public and follow GPL practices are doing themselves a huge favor: by making firmware public, manufacturers are enabling a world-wide network of the best security talent to find bugs, disclose them responsibly, and improve security for their customers. Without this transparency, they exclude so many responsible researchers and enable threat actors who easily obtain their firmware through chip extraction, man-in-the-middling updates, and stealing firmware from update servers.
Many of the vulnerabilities we uncovered are simple: hardcoded, default passwords, debugging tools that should have been removed before production, easily detected authentication vulnerabilities, trivially exploitable memory corruption bugs.
We appreciate the challenges IoT manufacturers face – writing secure software, verifying third-party software from their supply chain, responding quickly to vulnerabilities disclosed against devices that are often hard to update.
Unfortunately, we find that manufacturers who try to implement security into their processes tend to focus only on the security of the application software they are writing themselves and completely ignore the most widely exploited classes of vulnerabilities: third-party software/firmware vulnerabilities, configuration vulnerabilities, and authentication vulnerabilities.”
One of the biggest yet easiest steps that manufacturers can take is to scan through their firmware before they release it. This can be done through an automated tool like IoT Inspector (a firmware analysis tool developed by SEC Consult) and can be further supported through manual checking for these types of identified vulnerabilities.
“The return on investment is easy to calculate”, Michael Ganzwohl, CEO SEC Consult APAC explains, “the decision to initially assess the firmware through IoT Inspector before the rollout of lets say 20,000 components over several countries, or to fix the problem after the rollout should be an easy one for the Management”.